rpms / rpm

Clone
Source Code
GIT

Blame 0028-fsverity-plugin-Use-tag-for-algorithm.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-imaevm-bootstrap c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   58b5f2832f2e7a521ad9e519b0ed861d10c8174e
  2.   0028-fsverity-plugin-Use-tag-for-algorithm.patch
Blob History Raw
45e748 
From 5a5286ac37cd58779cc0e5b69088d9acc8f40c4e Mon Sep 17 00:00:00 2001
45e748 
From: Jes Sorensen <jsorensen@fb.com>
45e748 
Date: Mon, 20 Apr 2020 14:13:51 -0400
45e748 
Subject: [PATCH 28/33] fsverity plugin: Use tag for algorithm
45e748
45e748 
This uses the algorithm from the tag, if available. Fallback is SHA256.
45e748
45e748 
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
45e748 
---
45e748 
 lib/rpmfi.c        | 9 ++++++---
45e748 
 lib/rpmfi.h        | 3 ++-
45e748 
 lib/rpmfiles.h     | 3 ++-
45e748 
 plugins/fsverity.c | 8 ++++++--
45e748 
 4 files changed, 16 insertions(+), 7 deletions(-)
45e748
45e748 
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
45e748 
index 70f05f509..3e2b4e676 100644
45e748 
--- a/lib/rpmfi.c
45e748 
+++ b/lib/rpmfi.c
45e748 
@@ -585,7 +585,8 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len)
45e748 
     return signature;
45e748 
 }
45e748
45e748 
-const unsigned char * rpmfilesVSignature(rpmfiles fi, int ix, size_t *len)
45e748 
+const unsigned char * rpmfilesVSignature(rpmfiles fi, int ix, size_t *len,
45e748 
+					 uint16_t *algo)
45e748 
 {
45e748 
     const unsigned char *vsignature = NULL;
45e748
45e748 
@@ -594,6 +595,8 @@ const unsigned char * rpmfilesVSignature(rpmfiles fi, int ix, size_t *len)
45e748 
 	    vsignature = fi->veritysigs + (fi->veritysiglength * ix);
45e748 
 	if (len)
45e748 
 	    *len = fi->veritysiglength;
45e748 
+	if (algo)
45e748 
+	    *algo = fi->verityalgo;
45e748 
     }
45e748 
     return vsignature;
45e748 
 }
45e748 
@@ -1963,9 +1966,9 @@ const unsigned char * rpmfiFSignature(rpmfi fi, size_t *len)
45e748 
     return rpmfilesFSignature(fi->files, fi ? fi->i : -1, len);
45e748 
 }
45e748
45e748 
-const unsigned char * rpmfiVSignature(rpmfi fi, size_t *len)
45e748 
+const unsigned char * rpmfiVSignature(rpmfi fi, size_t *len, uint16_t *algo)
45e748 
 {
45e748 
-    return rpmfilesVSignature(fi->files, fi ? fi->i : -1, len);
45e748 
+    return rpmfilesVSignature(fi->files, fi ? fi->i : -1, len, algo);
45e748 
 }
45e748
45e748 
 uint32_t rpmfiFDepends(rpmfi fi, const uint32_t ** fddictp)
45e748 
diff --git a/lib/rpmfi.h b/lib/rpmfi.h
45e748 
index fcb9d3acd..6fd2747d6 100644
45e748 
--- a/lib/rpmfi.h
45e748 
+++ b/lib/rpmfi.h
45e748 
@@ -194,9 +194,10 @@ const unsigned char * rpmfiFSignature(rpmfi fi, size_t *siglen);
45e748 
  * Return current verity (binary) signature of file info set iterator.
45e748 
  * @param fi		file info set iterator
45e748 
  * @retval siglen	signature length (pass NULL to ignore)
45e748 
+ * @retval algo		fsverity algorithm
45e748 
  * @return		current verity signature, NULL on invalid
45e748 
  */
45e748 
-const unsigned char * rpmfiVSignature(rpmfi fi, size_t *siglen);
45e748 
+const unsigned char * rpmfiVSignature(rpmfi fi, size_t *siglen, uint16_t *algo);
45e748
45e748 
 /** \ingroup rpmfi
45e748 
  * Return current file linkto (i.e. symlink(2) target) from file info set iterator.
45e748 
diff --git a/lib/rpmfiles.h b/lib/rpmfiles.h
45e748 
index 81b3d01a1..64b33281a 100644
45e748 
--- a/lib/rpmfiles.h
45e748 
+++ b/lib/rpmfiles.h
45e748 
@@ -450,7 +450,8 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len);
45e748 
  * @retval len       signature length (pass NULL to ignore)
45e748 
  * @return              verity signature, NULL on invalid
45e748 
  */
45e748 
-const unsigned char * rpmfilesVSignature(rpmfiles fi, int ix, size_t *len);
45e748 
+const unsigned char * rpmfilesVSignature(rpmfiles fi, int ix, size_t *len,
45e748 
+					 uint16_t *algo);
45e748
45e748 
 /** \ingroup rpmfiles
45e748 
  * Return file rdev from file info set.
45e748 
diff --git a/plugins/fsverity.c b/plugins/fsverity.c
45e748 
index 15ddcf33e..1e7f38b38 100644
45e748 
--- a/plugins/fsverity.c
45e748 
+++ b/plugins/fsverity.c
45e748 
@@ -39,6 +39,7 @@ static rpmRC fsverity_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
45e748 
     struct fsverity_enable_arg arg;
45e748 
     const unsigned char * signature = NULL;
45e748 
     size_t len;
45e748 
+    uint16_t algo = 0;
45e748 
     int rc = RPMRC_OK;
45e748 
     int fd;
45e748 
     rpmFileAction action = XFO_ACTION(op);
45e748 
@@ -75,7 +76,7 @@ static rpmRC fsverity_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
45e748 
 	goto exit;
45e748 
     }
45e748
45e748 
-    signature = rpmfiVSignature(fi, &len;;
45e748 
+    signature = rpmfiVSignature(fi, &len, &algo);
45e748 
     if (!signature || !len) {
45e748 
 	rpmlog(RPMLOG_DEBUG, "fsverity no signature for: path %s dest %s\n",
45e748 
 	       path, dest);
45e748 
@@ -84,7 +85,10 @@ static rpmRC fsverity_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
45e748
45e748 
     memset(&arg, 0, sizeof(arg));
45e748 
     arg.version = 1;
45e748 
-    arg.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;
45e748 
+    if (algo)
45e748 
+	arg.hash_algorithm = algo;
45e748 
+    else
45e748 
+	arg.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;
45e748 
     arg.block_size = RPM_FSVERITY_BLKSZ;
45e748 
     arg.sig_ptr = (uintptr_t)signature;
45e748 
     arg.sig_size = len;
45e748 
--
45e748 
2.27.0
45e748

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation